Adding a set of Martin Fowler's code smells from Refactoring into my /review skill
Mysterious Name, Duplicated Code, Feature Envy, Data Clumps, Primitive Obsession, Repeated Switches, Shotgun Surgery, Divergent Change...
This stuff is catnip for LLMs
https://t.co/g0fpl9x09Q
Btw: all the things I do with AI are limited to a 200$/month spending: I have an OpenAI 20x account I pay myself. Plus, Anthropic generously provides 20x accounts to OSS software developers. If you think I shipped useful stuff, it's not by using a lot of money/tokens.
Three months ago I wrote that AI would finally make the services roll-up work: buy a fragmented, unglamorous industry, move it onto one AI stack, expand margins without expanding headcount.
@ThriveCapital just put $1B behind exactly that, starting with accounting.
No longer a theory.
i have seen enough proof now that using a coding agent is a deep skill
it's confusing because the people you see heavily using them produce horrible results
but that's because it's a skill! you can get better and the ceiling seems pretty high - this is very exciting to me
Solo founders are outperforming at record rates.
Completely unbiased take from the CEO of a company that helps solo founders not drown in admin: this data checks out! 👍
Leverage > headcount. Every time.
Perplexity just open-sourced the tool they use internally to keep their own developers safe. 😨
It's called Bumblebee. It runs quietly on a developer's laptop and checks for any sneaky code, suspicious browser plugins, or AI tools that might be silently leaking access to your data.
It covers Claude Code, Codex, Cursor, all of it.
Here is why this matters now.
For the last six months, hackers have been quietly slipping malicious code into the free building blocks that almost every app in the world is built on.
When a developer installs one of these poisoned pieces, the attacker gets a backdoor into everything that developer touches.
Including their AI tools and the keys that unlock them.
Most security tools defend the finished product. Bumblebee defends the person building it.
An independent security researcher read through the entire code and confirmed it is clean.
No hidden tracking. No data collection. No backdoors.
For two years, AI coding tools shipped with zero security defenses around them. Perplexity just shipped one. Free.
Worth installing if you build anything with AI.
Cursor's debug mode is great. But I wish i had it in Claude Code / Codex.
Introducing debug agent skill:
- /debug-agent [your bug]
- writes logs and actually repros the bug
- fixes the root cause
Code is an output. Nature is healing.
For too long we treated code as input. We glorified it, hand-formatted it, prettified it, obsessed over it.
We built sophisticated GUIs to write it in: IDEs. We syntax-highlit, tree-sat, mini-mapped the code. Keyboard triggers, inline autocompletes, ghost text. “What color scheme is that?”
We stayed up debating the ideal length of APIs and function bodies. Is this API going to look nice enough for another human to read?
We’re now turning our attention to the true inputs. Requirements, specs, feedback, design inspiration. Crucially: production inputs. Our coding agents need to understand how your users are experiencing your application, what errors they’re running into, and turn *that* into code.
We will inevitably glorify code less, as well as coders. The best engineers I’ve worked with always saw code as a means to an end anyway. An output that’s bound to soon be transformed again.
.@nodejs has always been about I/O. Streams, buffers, sockets, files. But there's a gap that has bugged me for years: you can't virtualize the filesystem.
You can't import a module that only exists in memory. You can't bundle assets into a Single Executable without patching half the standard library.
That changes now 👇
Introducing React Doctor
Scan your React codebase for anti-patterns:
- Unnecessary useEffects
- Fix accessibility issues
- Prop drilling instead of context / composition
Run as a CLI or agent skill. Repeat until passing. Fully open source
I think more and more companies/startups will implement a Code Factory system like this.
Just point your agent at this agent with the prompt
"Read this and create a .md plan for migrating our codebase to a Code Factory model"
Turns out with claude code, my decades long strategy of NOT deeply learning:
- regexs
- sql
- nginx confs
- elaborate shell commands
- advanced shell scripting
- any javascript framework
- perf optimization
- webpack, cdns, bundlers
- 1000 other things
...was entirely correct.